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Amendments to the Specification; 



Please replace paragraph [0054] with the following 
rewritten paragraph: 

[0054] Turning now to FIG. 10, a flow diagram that illustrates 
a method for generating a credential in accordance with one 
embodiment of the present invention is presented. Figure 10 
provides more detail for reference numeral 800 of FIG. 8. At 
1000, a credential authority receives a credential request 
including one or more supporting credentials. The supporting 
credentials may include credentials created previously by the 
credential authority. The supporting credentials may also 
include credentials created previously by another credential 
authority. At 1005, the credentials are processed. At 1010, a 
determination is made regarding whether the credentials were 
processed successfully. If the credentials were not processed 
successfully, a failure is registered at 1015 and a failure 
policy is applied at 1020. The failure policy specifies 
actions to be performed when a failure is detected. An 
exemplary failure policy performs a user notification function 
when the error is detected. 



Please replace paragraph [0074] with the following 
rewritten paragraph: 
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[0074] According to embodiments of the present invention, user 
enrollment data includes user authentication information used 
for subsequent visits to a service provider Web site. In other 
words, the service provider-specific user or a reference to the 
user data data is presented to the service provider Web site 
whenever the user data set is used to visit the same service 
provider Web site. The user authentication requirements of a 
particular service provider Web site will determine whether 
additional user authentication is required. For example, the 

Page 2 of 12 



Appl. NO. 10/033,373 

Amdt. dated June 30, 2 005 

Reply to Office Action of March 3, 2005 

stored user authentication data may suffice for a repeat visit 
to an Internet -based email site, but signing into a military- 
Web site may require additional user authentication measures 
such as biometrics each time the site is visited, regardless of 
the stored user authentication data. 

Please replace paragraph [0083] with the following 
rewritten paragraph: 

[0083] Turning now to FIG. 21, a flow diagram that illustrates 
a method for providing a service in accordance with one 
embodiment of the present invention is presented. Figure 21 
provides more detail for reference numeral 2060 of FIG. 20. At 
2100, user data is received. At 2105, one or more Web pages at 
a Web site is- are customized based on the user data stored on a 
user-controlled device. 

Please replace paragraph [0147] with the following 
rewritten paragraph: 

[0147] A service credential is a one-time token for a session 
with a specific server that may be obtained by applying a logon 
credential when accessing a service, while a logon credential 
may be used for multiple simultaneous sessions for multiple 
service providers. A service provider creates a service 
credential for its own use. A service credential may be 
applied to obtain further specific services, either for 
immediate use or fulfillment, or for postponed use or 
fulfillment. If the service credential is applied for 
immediate use of a service, a fulfillment credential 3925 may 
be dynamically created to satisfy the requested use. Reference 
numeral 3 93 9 represents the consumption or use of the 
fulfillment credential, after which time the fulfillment 
credential can no longer be used and can be discarded. 
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Please replace paragraph [0166] with the following rewritten 
paragraph : 

[016 6] One example of a use of this embodiment is where the 
resource is requested by a third party (such as a merchant 
accessing user data) that is not the owner but has permission 
of the owner to access the resource. In this case, it is 
possible that when the resource owner enrolls, the resource 
owner may authorize the third party to access the owner's 
credential and copy it into the third party's credential 
mechanism, thus providing the third party with indirect access 
to the resource protected by the credential. A second rights 
key ID may be associated with the resource referring to the 
rights key credential held by the owning user. 
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